Job Description

Job Description

Information Security Architect plays a key role in AirAsia Aviation Management Service (AAAMS). They are responsible for protecting the organisation's strategic plans, network and application designs, and implementing security solutions across our organisation. They are knowledgeable about enterprise devices and network systems, software development, cybersecurity, risk management and security compliances.

This role requires a combination of technical expertise, analytical skills, and strong collaboration with various departments and stakeholders. This team will also be responsible for ensuring that Group Information Security remains a data-informed and data-driven organisation.

Responsibilities:

• Design enterprise security architecture and implement security solutions to resolve technical security challenges across the AirAsia Aviation Management Services portfolio of companies and departments.

• Provide domain expertise in end-user/on-prem/cloud computing, network, data, compliance, and information security best practices.

• Evaluate and Strengthen the organisation’s cybersecurity posture by identifying potential vulnerabilities and recommending solutions to mitigate risks.

• Lead and guide the IT Security team in managing workload, ensuring quality deliverables, enhancing performance, and nurturing talent.

• Implement a systematic, proactive approach that balances IT risk and business objectives in alignment with the Enterprise's strategy.

• Spearhead the development, maintenance, and advocacy of the IT Security Program, encompassing strategy, framework, Group/Regional policies, processes, and metrics.

• Continuously identify and assess emerging IT risk and security threats.

• Identify gaps and propose changes to existing policy, process, and system frameworks.

• Develop scalable solutions and work to manage risks across the organisation and develop best practices that are a benefit across the organisation’s security posture.

• Work closely with the superiors to plan and evaluate budgets and cost/savings projections for Information Security-related efforts.

• Update job knowledge by tracking and understanding emerging security practices and standards, participating in educational opportunities, reading professional publications, and participating in professional organisations.

• This role will collaborate with cross-functional teams, business stakeholders, peer Information Security teams (Cyber Risk, Policy & Assurance, InfoSec Enterprise Architecture, Cyber Defence, and Business Security), product and engineering teams, and information technology teams.

• Proactively evangelise security best practices, guidelines, and blueprints to foster a culture of security across the organisation, resulting in secure and compliant solutions.

• Continuously expand your knowledge of emerging security threats, frameworks, and regulations, and leverage this intelligence to develop and execute proactive security strategies.

Qualifications:

• Bachelors degree in Computer Science or equivalent practical experience.

• 3-5 years of experience managing information security, software development, and/or information technology projects to completion and working with cross-functional teams.

• Experience securing networks, servers, containerized workloads, private/public cloud/data centre solutions, and with IAM, authentication/authorisation, network security, data protection, cryptography, and penetration testing.

• Experience with cloud solutions such as AWS, Azure, GCP, or other public cloud providers.

• Ability to work effectively with cross-functional groups, executing in a fast-paced, ambiguous and change-oriented environment that requires a high degree of deadline-driven productivity.

• Excellent written and verbal communication skills as well as business acumen and a commercial outlook.

Preferred qualifications:

• MBA or Master’s degree in Computer Science or a related field.

• Experience coding in one or more general-purpose languages.

• Experience in system administration in Windows and/or Linux/Unix environments, including securing operating systems.

• Experience with best practices for security implementations and with scalable network technologies (e.g. load balancers, firewalls).

• Experience in compliance with ISO 27001, PCI DSS, or other relevant standards.

• Experience with Zero-Trust, Autonomic SecOps, and/or DevSecOps practices is highly valued.

Job Requirements